INFORMATION BRIEFING ON THE PROCESSING OF PERSONAL DATA
pursuant to article 13 of Regulation (EU) 2016/679 (“Privacy Policy”)

This information briefing is provided pursuant to Regulation (EU) 2016/679 (hereinafter “Regulation” or “GDPR”) and describes the methods of processing the personal data of users who consult and use this website, accessible at the address http://www.c-tech.implant.com/it/ (hereinafter also “Site”), or who use the services offered through the Site.

Based on the current European Regulation on the protection of personal data no. 679/2016 (“GDPR”), the collection and processing shall always follow principles of legality, propriety and transparency.

On consulting the Site, data relating to the user may be processed (defined as “interested party” insofar as an identified or identifiable natural person).

1. DATA CONTROLLER

The Data Controller is C TECH IMPLANT S.R.L. in the person of its pro tempore legal representative, VAT No.: 03051331209, with registered office in Via Cesare Battisti n. 2 – Bologna (BO), email info@c-tech-implant.com (hereinafter “Data Controller”).

1. DATA PROTECTION OFFICER (DPO)

The Data Protection Officer (DPO) is Mr Massimo Di Menna. For any matters regarding the protection of personal data, including the exercise of the rights granted to the interested party by the current legislation, please contact the Data Protection Officer: massimo.dimenna@gruppoIngegneria.it

1. TYPE OF DATA COLLECTED, PURPOSE, LEGAL BASIS AND RETENTION TIMES.

 

1. Navigation Data

Personal Data can be collected independently by the Data Controller or through third parties.

In this case, the computer systems and software procedures used to operate this Site acquire Users’ Personal Data of a technical-computer nature (e.g. the IP address, the type of browser used, the operating system, the domain name and the addresses of websites from which access was made or terminated, etc.), the transmission of which is essential for the normal operation of the internet.

Purpose: These Data may be processed for the sole purpose of obtaining anonymous statistical information on the use of the site and/or to check its correct functioning.

Retention: These Data will be deleted immediately after processing.

Legal Basis: The processing is carried out on the basis of the legitimate interest of the Data Controller to make the Site usable and ensure its safe navigation (Article 6, paragraph 1, letter f). Solely for the specific activity of profiling, the express consent of the interested party (Article 6, paragraph 1, letter a) is required.

2. Contacts by the user via email, telephone contact, filling out the form.

The optional, explicit and voluntary sending of communications by email to the addresses indicated on this site leads to the subsequent acquisition of the data communicated by the user, including email address, and the consent to receive any response to their requests.

In this case, the provision of the email address and other data that may be indicated is optional but indispensable in order to be able to use the service and receive responses to your requests and, in their absence, we will not be able to proceed with the processing.

Purpose: The personal data provided in this way are used for the sole purpose of satisfying or responding to requests and are communicated to third parties only if this is necessary for that purpose.

Retention: The data is kept for the period necessary to fulfill the request and in compliance with current legislation.

Legal basis: the processing is carried out to fulfil a contractual and pre-contractual obligation assumed by the Data Controller with the service (Article 6, paragraph 1, letter b).

3. Newsletters and commercial/promotional communications.

Where explicitly requested by the user, it is possible to provide their contact details in order to receive communications of a commercial and/or informative nature with regard to the activity of the Data Controller. The provision of such data for these purposes is entirely optional but indispensable in order to be able to proceed with the provision of the promotional information service described above. We use a WordPress Plugln to send you the newsletter.

Purpose: the personal data provided in this way (Name, Surname and email address) are used for the sole purpose of satisfying or responding to requests and are communicated to third parties only if this is necessary for this purpose and only on the explicit consent of the interested party.

Retention: the data are retained for the period necessary to carry out the activity for which they were collected and, in any case, specifically for the purposes described above, and no longer than two years as expressly laid down for by law (unless the consent is renewed by the user for other purposes as laid down by current legislation).

Legal basis: the processing is carried out on the basis of the explicit consent of the interested party (art. 6, par. 1 letter a).

4. Data provided by sending CVs by email.

The optional, explicit and voluntary sending of CVs in order to apply for open positions or by sending a professional profile by email to the addresses indicated on this site leads the subsequent acquisition of the data communicated by the user, including email address and professional aptitude. Failure to provide the aforementioned data, although not mandatory, would make it impossible to evaluate the application and start the selection process. The personal data provided in this way are used for the sole purpose of satisfying or responding to requests and are communicated to third parties only if this is necessary for that purpose.

Legal Basis: the processing is carried out for the fulfillment of a contractual and pre-contractual obligation assumed by the Data Controller with the service (Article 6, paragraph 1, letter b).

Retention: The data is kept for the period necessary to fulfill the request and in compliance with current legislation and, in any case, no later than 12 months from receipt.

5. Enrolment on theoretical and practical training courses.

Purpose: personal data provided for enrolment on courses (Name, Surname, mobile phone, email address, city, name of dental office and address, Professional Association Number, Professional Policy, Number and company that issued it) are used to process enrolment requests.

The Data Controller communicates the data collected in this way to third parties with whom it has established a collaborative relationship for the purpose of providing the training service.

Retention: The data is kept for the period necessary to fulfill the request and in compliance with current legislation on tax and accounting obligations.

Legal Basis: the processing is carried out for the fulfilment of a contractual and pre-contractual obligation assumed by the Data Controller with the service (Article 6, paragraph 1, letter b).

6. Data collection following participation in trade fairs.

Purpose: personal and contact data are used for the management of commercial activities and for the development of new collaborations:

starting and maintaining working collaborations with external partners;

starting and maintaining working collaborations with aspiring internal collaborators;

documentation of trade fair activities and training activities in general.

Retention: The data are retained for the period necessary for the development of the collaborations.

Legal Basis: the processing is carried out for the fulfillment of a contractual and pre-contractual obligation assumed by the Data Controller with the service (Article 6, paragraph 1, letter b).

7. Links to other websites

The Website may include hypertext links to other websites. By clicking on one of these links, the user may be redirected to another website or Internet source that may collect information about the user through cookies or other technologies. The Data Controller assumes no responsibility or authority of control over these other websites or Internet resources, nor over their collection, use and disclosure of the user’s personal data. It is necessary to check the privacy statements of these other websites and Internet sources in order to be able to judge whether they act in compliance with the privacy legislation.

8. Integration of social media plugins.

We have integrated social media plugins (Instagram, Facebook, LinkedIn, YouTube) on the site. This means that when you click or tap on one of the buttons (for example, the Facebook “Like” button), some information will be shared with the social media service providers.

If you are connected to your social media account when you click or tap on one of these buttons, the social media provider may link this information to your social media account. Depending on your settings, they may also show these actions on your social media profile, which will then be visible to other users in your network.

9. Legitimate interest of the Data Controller

The Data Controller may process, without the User’s consent, personal data collected in the following cases:

in the case of extraordinary operations of merger, sale or transfer of a business unit, in order to allow the implementation of the operations necessary for the due diligence activity and preparatory to the sale. It is understood that only the necessary data will be processed for the aforementioned purposes, in the most aggregate/anonymous form possible.

analysis in anonymous and aggregate form and, with exclusive reference to the direct and on-demand service of Financial Events, included “unencrypted”, i.e. not anonymous (in the context of this service, only the following data will, in any case, be processed: personal data, contact details, company of origin, city of reference), of the use of the services that identify the habits and inclinations of users, to improve the services provided and to meet the specific needs of users, or the preparation of initiatives connected to the improvement of the services provided.

anonymous and aggregate analysis of the use of the services, in order to identify user habits and inclinations, to improve the services provided and to meet specific user needs, or to prepare initiatives related to the improvement of the services provided.

brand positioning and reputation analysis (web listening). This includes, in particular, identifying and evaluating what is being said on the web. This is done through keyword searches, without identifying users.

This site uses technical, tracking and profiling cookies. For details, refer to the appropriate cookie policy

1. RECIPIENTS OF THE DATA

The personal data collected are processed by the Data Controller’s personnel, who act with specific authorization on the basis of specific instructions provided in relation to the purposes and methods of the processing itself.

Furthermore, the persons designated data managers pursuant to art. 28 of the GDPR, or sub-managers, who the Data Controller makes use of for the provision of services and for carrying out the activities within its competence, may be recipients of the data collected following consultation of the Site or the use of services within the limits of the respective assignment.

The respective list can be requested from the Data Controller using the contact details referred to in section A.

Should, through the services offered by the site, a data manager be designated pursuant to art. 28 of the GDPR or sub-manager, the data shall be communicated to your Data Controller and/or your data manager.

As regards training, the Data Controller communicates the data of the participants to third parties with whom it has established a collaborative relationship for the purpose of providing the training service.

For the pursuit of the purposes indicated, the Data Controller may communicate the User’s personal data to third parties, such as, for example, those belonging to the following subjects or categories of subjects:

police forces, armed forces and other public administrations, for the fulfillment of obligations laid down by law, regulations or community legislation. In such cases, based on the applicable legislation on data protection, the obligation to acquire the prior consent of the interested party to such communications is excluded;

companies, bodies or associations, or parent companies, subsidiaries or associates pursuant to article 2359 of the civil code, or between these and companies subject to common control, as well as between consortia, business networks and groupings and temporary business associations and with subjects adhering to them, limited to communications for administrative and/or accounting purposes;

IT service providers.

 

1. DATA TRANSFER

There is no transfer abroad of the personal data provided.

1. RIGHTS OF THE INTERESTED PARTIES

The interested parties – the identified or identifiable natural persons to whom the data refer – can exercise specific data protection rights, as follows:

1. a) right of access: the right to obtain confirmation from the Data Controller that personal data is being processed and, in this case, to obtain access to the personal data and detailed information regarding the origin, purposes, categories of data processed, recipients of communications and/or data transfer and more;
2. b) right of rectification: right to obtain from the Data Controller the rectification of inaccurate personal data without unjustified delay, as well as the supplementation of incomplete personal data, including by providing a supplementary declaration;
3. c) right to deletion (“the right to be forgotten”): right to obtain from the Data Controller the deletion of personal data without unjustified delay in the event that: i. the data are no longer necessary with respect to the purposes of the processing; ii. the consent on which the processing is based is revoked and there is no other legal basis for the processing; iii. the personal data have been processed unlawfully; iv. The personal data must be deleted to fulfill a legal obligation;
4. d) the right to object to processing: the right to object at any time to the processing of personal data which has a legitimate interest of the Data Controller as its legal basis;
5. e) right to limitation: the right to obtain from the Data Controller the limitation of the processing, in the event that the accuracy

of the personal data is contested (for the period necessary for the Data Controller to verify the accuracy of that personal data), if the treatment is unlawful and/or the interested party has opposed the processing;

1. f) the right to data portability: the right to receive personal data in a structured, commonly used and automatically readable format and to transmit such data to another Data Controller, if technically feasible, only for cases in which the processing is based on the consent or the contract and only for data processed by electronic means;
2. g) the right to lodge a complaint with the supervisory authority: without prejudice to any other administrative or judicial appeal, the interested party who believes that processing concerning them breaches the Regulation has the right to lodge a complaint with the supervisory authority of the Member State in which they habitually reside or work, or of the State in which the alleged breach occurred.

The rights can be exercised by contacting the Data Controller using the contact details indicated in sections A and B which are repeated:

Data Controller info@c-tech-implant.com

DPO massimo.dimenna@gruppongegneria.it

This information briefing was updated on 06/03/2023.

---

INFORMATION ON THE PROCESSING OF PERSONAL DATA – FOR DENTAL PROFESSIONALS. 
Pursuant to article 13 of Regulation (EU) 2016/679 (“Privacy Policy”).

 

INFORMATION PURSUANT TO ART.13 EU REGULATION 2016/679

In compliance with the provisions of art. 13 of EU Regulation 2016/679, we provide you with the information required at the time of collection of your personal data.

1. DATA CONTROLLER

CTECH IMPLANT SRL with registered office in Via Cesare Battisti n. 2 – 40123 Bologna , Tel. 0516661817 – E-mail info@c-tech-implant.com  

2. DATA PROTECTION OFFICER (DPO)

The Data Controller has decided to appoint a Data Protection Officer Officer who you can contact to exercise your right, make a report or simply to obtain information on the processing of your data. To contact the DPO you can use the following contacts: Prof. Ing. Massimo Di Menna massimo.dimenna@ingpec.eu

3. CATEGORIES AND SOURCE OF DATA PROCESSED

Personal data collected and processed by the undersigned fall into the following categories:

1. identification and billing data of the professional: name, registration, address, telephone number, VAT number , tax code;
2. data of the patient(s) for whom the customized medical device is requested (name, surname, CF, age, sex, CT scan, x-rays and characteristics of the device);
3. medical prescription above.

Personal data subject to Processing may be collected in the following ways, through:

In the case described in the letter. a) the data are communicated directly by the Professional Doctor;

In the case described in the letter. b) and c) the data of the interested parties are provided to CTECH IMPLANT SRL by the professional doctor who collected them in compliance with current legislation providing specific information pursuant to art. 13 and 14 GDPR and has appointed CTECH Implant srl as Data Controller pursuant to art. 28 GDPR.

4. PURPOSE OF THE PROCESSING AND LEGAL BASIS

The personal data provided by you will be processed for purposes related to the execution of the contract, including any pre-contractual phase and, precisely, for bookkeeping, invoicing, carrying out communications both by paper and electronic means, tax obligations , organizational management of the requested services and stipulation of contracts, setting of appointments, order processing, deliveries, bureaucratic obligations relating to the services requested in the supply relationship. The data you provide is processed for the following purposes:

1. a) for the fulfillment of the contractual obligations deriving from the contract signed with you and for the protection of the contractual rights of the Data Controller. Legal basis of the processing is the contractual relationship as provided for by the art. 6 lett. b) European Reg .;
2. b) the fulfillment of the legal obligations established by the legal regulations for the requirements established by the fiscal and tax legislation. Legal basis of the processing is the contractual relationship as provided for by the art. 6 lett. c) European Reg .;
3. c) exercise the rights of the Data Controller, for example the right of defense in court (art. 6 letter f) Reg. 2016/679);
4. d) to follow up on specific requests addressed to the Data Controller for communications of an informative nature relating to the Data Controller’s Services, via e-mail messages or other communication tools such as the telephone (art. 6 letter b) Reg. 2016 /679).
5. e) Soft spam activities. Sending commercial communications relating to the Data Controller’s products and services similar to those you have already used, subject to the exercise of the right of opposition (art. 130 c. 4 Privacy Code).

The provision of data is mandatory, the refusal to provide the data or complete opposition to their processing for the purposes referred to may in any case make it impossible to conclude the contractual relationship with you.

5. RECIPIENTS OF THE DATA

Furthermore, your data may be communicated to third parties, for technical and operational needs strictly connected to the purposes set out above and in particular to the following categories of subjects:

1. a) suppliers and Partners who may have to carry out work or designs relating to the medical device;
2. b) bodies, professionals, companies or other structures appointed by us for processing related to the fulfillment of administrative, accounting and management obligations linked to the ordinary performance of our economic activity, also for credit recovery purposes;
3. c) to public authorities and administrations for purposes related to the fulfillment of legal obligations or to subjects entitled to access them pursuant to provisions of law, regulations, community legislation;
4. d) banks, financial institutions or other subjects to whom the transfer of the aforementioned data is necessary for the performance of our company’s activities in relation to the fulfillment, on our part, of the contractual obligations assumed towards you.
5. e) suppliers of installation, assistance and maintenance services of IT and telematic systems and systems and of all services functionally connected and necessary for the fulfillment of the services covered by the Contract. The list of data controllers are available upon request;
6. f) Related companies.
7. STORAGE TIMES

We will keep your data in a form that allows identification of the same for a period of time not exceeding the achievement of the purposes for which the data were collected; they will therefore be kept until the existence of the existing contractual relationship and no later than 10 years from the termination of the contract (art. 2946 cc regarding prescription). The data strictly necessary for tax and accounting obligations, once the purpose for which they were collected ceases to exist, will be retained for a period of 10 years as established by the art. 2220 cc

7. DATA TRANSFER

The Data Controller does not transfer personal data to third countries or to international organisations.

8. RIGHTS OF THE INTERESTED PARTY

Interested parties – identified or identifiable natural persons to whom the data refers – may exercise specific data protection rights, listed in the following list:

a) right of access: right to obtain confirmation from the Data Controller as to whether or not personal data is being processed and, in this case, to obtain access to the personal data and detailed information regarding the origin, purposes, categories of data processed, recipients of communication and/or data transfer and more;

b) right of rectification: right to obtain from the Data Controller the rectification of inaccurate personal data without unjustified delay, as well as the integration of incomplete personal data, also by providing a supplementary declaration;

c) right to cancellation (“oblivion”): right to obtain from the Data Controller the cancellation of personal data without unjustified delay in the event that: i. the necessary data are no longer necessary for the purposes of the processing; ii. the consent on which the processing is based is revoked and there is no other legal basis for the processing; iii. the personal data have been processed unlawfully; iv. the personal data must be deleted to comply with a legal obligation;

d) right to object to processing: right to object at any time to the processing of personal data which has a legitimate interest of the Data Controller as its legal basis;

e) right to limitation: right to obtain from the Data Controller the limitation of processing, in the event that the accuracy of the personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is illicit and/or the interested party has opposed the processing;

f) right to data portability: right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another data controller, if technically feasible, only for cases in which the processing is based on consent or contract and only for data processed via electronic means;

g) right to lodge a complaint with the supervisory authority: without prejudice to any other administrative or jurisdictional appeal, the interested party who believes that the processing concerning him or her violates the Regulation has the right to lodge a complaint with the supervisory authority of the Member State in question where he habitually resides or works, or of the State in which the alleged violation occurred.